1. Field of Invention
This invention relates generally to the field of online commerce, and more particularly, to system and methods for the online distribution of digital media data over public communication networks.
2. Background of the Invention
The rapid development of the Internet and the World Wide Web has primarily focused on these technologies as vehicles for online commerce for the distribution of their products. From a commercial perspective, xe2x80x9cdistributionxe2x80x9d includes the two distinct phases of purchase and delivery. Many companies only support the purchase phase online. Typically, this is done by providing an online catalog of products and enabling a consumer to view the catalogs and provide payment information, such as a credit card, to the company""s Web site. The purchased merchandise is then delivered off-line by mailing to the purchaser. Overwhelmingly, the majority of products purchased in this manner are traditional non-digital media, such as books, clothing, food products, and the like. Even digital media, such as computer software, video, and audio is purchased in this manner, with product selection and purchase being made online but the delivery being made conventionally by mailing the digital media to the purchaser on a conventional medium such as floppy diskette, CD-ROM, video cassette, audio tape or audio CD.
In contrast to conventional online purchase-off-line distribution systems, a complete system for the online distribution of digital media, such as digital audio, would provide online support for both the purchase and delivery phases. Such an online distribution system presents a number of special challenges not associated with non-digital products. For example, with conventional distribution of music on CD and cassette tapes, losses from copyright infringement from illegal copying of music are estimated at about $1 billion worldwide, annually. The susceptibility of digital audio to unauthorized copying, and the ability to create perfect duplicates, raises the specter of even more significant losses to the music industry, and has been the single greatest factor in the music industry""s reluctance to make music available for purchase over the Internet. Thus, an online music purchase and distribution system must be demonstratively secure from a large variety of attacks and misuses in order to preserve the music owner""s intellectual property rights.
At least three types of risks are present in the online distribution of music. First, there is a considerable security risk in simply maintaining digital media products in computer systems connected to public networks such as the Internet for access by consumers. In order to effectively enable purchasers to review and purchase digital media, the audio distributor""s computer system storing such media must be networked. However, given the commercial value of such digital media, whether audio data, video data, software, or the like, such sites would be likely targets of computer-based attacks. Further, the very presence of an online commerce system is itself an inducement to xe2x80x98crackersxe2x80x99 to attempt to break the security controls of such a system and gain access thereto. Thus, an online music distribution system for digital media must be secure from such direct attacks. Further, if the online music distribution system is compromised, it is desirable that the underlying media itself be secure against unauthorized copying.
Similarly, the protocols and transmission mechanisms by which an online music distribution system delivers digital audio to a legitimate purchaser must also be secure, to prevent unauthorized users from intercepting deliveries of the audio and related media over the network.
Finally, once the audio product has been delivered to a user, it must be made secure against unauthorized duplication by the user or by others.
These constraints on an online music distribution system are in conflict with many of the features consumers want in terms of flexibility and ease of use. In particular regard to the purchase of audio data, such as songs and related media (e.g., the lyrics, graphics, liner notes which typically accompany conventional retail forms of audio) consumers want to be able to sample audio products prior to purchasing. It is desirable for such an online music distribution system then to provide some mechanism by which users can play limited portions of songs and view related media without having to purchase the song. In addition, a consumer should be able to pass on preview music to other potential new customers.
Similarly, purchasers of music in traditional forms such as compact disc or cassettes are accustomed to simple, easy to use consumer devices, such as portable compact disc players to tape players. For the successful distribution of music over the Internet, the security requirements must not unduly interfere with consumer""s ease of use of the system. A consumer should be able to purchase and playback audio easily and securely. However, the security measures, particularly the encryption mechanisms, should make the purchased audio unusable outside of the specific devices and mechanism designed to cooperate with the distribution system.
Similarly, consumers are accustomed to being able to play music purchases anywhere they can carry a CD and CD player. Consumers will expect similar portability when purchasing digital media over the Internet. Accordingly, a desirable online music distribution system should allow a consumer to playback purchased audio not merely on a single computer, but on any platform equipped with an appropriately licensed playback device and the licensee""s personal identification.
Also, given the very high audio fidelity available today with conventional CD products, audio purchased over the Internet from an online music distribution system must have at least the same level of fidelity, or otherwise consumers will not purchase such products. Thus, any encryption or compression methods used must not induce significant signal loss, or impair playback performance.
There already exists today various forms of online payment processing systems, such as credit card and debit card authorization systems. In addition, many new forms of online payment are now developing, and will continue to develop in the future, including digital cash, micropayments, and the like. Accordingly, an online music distribution system should not require a single form of payment, or use a proprietary payment processing system. Rather, a desirable online music distribution system should be adaptable to integrate with all forms of payment processors. Similarly, many merchants are now providing their own online commerce servers from which they offer and distribute products as the retail vendor of such products. A desirable online music distribution system should integrate with any variety of merchant systems.
An online music distribution system should also allow for the recovery of secured audio content by consumers who have lost the identification or other security information (such as an encryption key) required to use their purchases. In addition, independent agencies which police copyright infringements should also be able to recover infringing copies, and identify the creator of such infringements.
The present invention provides a secure online music distribution system that provides consumers with flexibility and ease of use in the selection, previewing, downloading, and transporting of audio and other digital media over the Internet, and that provides for security of the media throughout the distribution system.
An online music distribution system in accordance with the present invention includes a variety of cooperative components that communicate over a public network, preferably the Internet. These components include a content manager, one or more delivery servers, a media data file system and media information database. Internet communications by the system are facilitated by HTTP servers. Any number of individual purchasers use client computer systems with Web browsers and media players.
Secure distribution of audio is provided by three aspects of the present invention. First, unlike conventional media delivery systems, the present invention supports both phases of distribution online: the commercial phase of a purchase transaction, such as authentication of the purchaser and payment, and the delivery of the purchased media itself. This aspect of the online music distribution system is provided by having the content manager control the storage of the audio data in the media data file system, and manage the commercial aspects of a purchase or preview transaction with the purchaser. On the other hand, the actual delivery of the audio data is managed by one of the delivery servers.
Given the security needs of limiting copying, preventing attacks on the system directly and during delivery of products, the present invention provides secure protocols for consummating the purchase transaction, and for delivering the audio and other media. First, the media player of the user and the user""s identity is authenticated by the content manager. Second, the specific media being purchased is encrypted with information uniquely identifying the purchaser (and distinct from mere encryption keys), and known only to the media player of the purchaser. In this manner, only the purchaser""s media player can decrypt and playback the purchased audio. Third, the specific purchase transaction, is itself represented by a secure and trusted object which is passed between the content manager, media player, and delivery server. Fourth, once the media is delivered to the media player by the delivery server, it can only be played back in the presence of various decryption keys and confidential personal information of the purchaser.
In another aspect of the invention, encrypted and un-encrypted versions of a song are combined into a single media data file, along with descriptive text, artwork, and other information. The encrypted version of the song is a high fidelity audio image that is to be purchased. The un-encrypted versions of a song are either selected portions, or the entire song, but recorded with lesser quality, such as increased compression and/or lower sample rate. These un-encrypted lower quality xe2x80x98clipsxe2x80x99 are available free for previewing by the consumer in order to decide whether or not to purchase the high fidelity version. In addition, descriptive information, such as cover art, lyrics, credits and the like, is also available for previewing.
In another aspect of the invention, there is provided a complete security protocol that protects the purchase-quality audio images from creation by an artist all the way through purchase and playback by the user. The purchase-quality audio data is encrypted when created by the artist with a media key, a strong random number generated by an audio authoring tool. This media key is then encrypted with a public key of the content manager. The encrypted high-quality version of the song is combined with the lower-quality un-encrypted versions, descriptive information and the media key into the media data file. The media data file is uploaded to the content manager for storage in the media data file system, where it can now be purchased by consumers. While in storage in the online music distribution system, the audio images remain encrypted and tied to the specific content manager.
To purchase a media data file, a consumer first registers with the media licensing center to obtain a digital passport. The passport is a combination of data that includes personal information uniquely identifying a user, information confidential to that user, and encryption key information used to encrypt media data for that person""s use. The identifying information is typically the user""s name, address, and so forth. The confidential information is preferably some information of value to the user, such as the user""s credit card number. This information is combined in the passport with a public-private key pair generated by the media licensing center, into a digital certificate authenticating their identity. The private key information is then separately encrypted with symmetric keys, including a user-selected passphrase, and a strong random key.
The passport supports security during various phases of the purchase of media data files. First, the certificate is used to authenticate the purchaser to the content manager and delivery server.
Second, the purchaser""s public key from the passport is used by the content manager to encrypt the media key for the media data file being purchased. In this manner, only the purchaser""s media player can decrypt the media key for the purchased audio and playback the music. When the media player receives a media data file for playback, it uses the private key stored in the passport to decrypt the media key included in the media data file. The media key is then used to decrypt the audio image for playback at the user""s machine.
Third, the passport""s inclusion of confidential information (such as the user""s credit card number) is further designed to deter the purchaser from simply copying their passport and purchased audio and giving them to another person. During playback the media player displays the confidential information of the user on the computer display. The display of the confidential information provides a powerful incentive for the purchaser to protect the integrity of their passport, and hence indirectly protect the purchased media itself.
The integrity of the purchase and delivery phases of a transaction are secured by a protocol between the content manager, delivery server, the user""s Web browser, and media player that uses the purchaser""s passport, and a separate trusted data object called a media voucher. The media voucher uniquely identifies the media being purchased, the specific purchase transaction, and the specific delivery server to deliver the purchased media to the media player. The specific purchase transaction is represented by a voucher ID generated by the content manager. The media voucher is provided by the content manager to the user""s Web browser once the user""s credit card has been checked and payment authorized. The content manager also provides a receipt token, a strong random number the media player will use to complete the transaction with the specified delivery server. This completes the purchase phase of the transaction.
The delivery phase of the transaction then takes place between the media player and the delivery server, with validation of the transaction provided by the content manager. The media player creates a message authentication of the receipt and voucher ID from the media voucher and the consumer""s certificate from the passport. This step binds the specific transaction to the purchase. These data are transmitted to the delivery server. The delivery server validates the message authentication data, using the voucher ID and a certificate chain from the packet and the receipt obtained from the content manager. This step validates the identity of the media player to the delivery server. The content manager encrypts the media key of purchased audio images with the purchaser""s public key. The delivery server can then deliver the audio to the purchaser""s media player. In this way only the purchaser can decrypt the purchased audio.